CVE-2025-2884

EUVD-2025-17717
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
SiemensSIMATIC CN 4100
𝑥
< *
ADP
SiemensSIMATIC Field PG M5
𝑥
< *
ADP
SiemensSIMATIC Field PG M6
𝑥
< *
ADP
SiemensSIMATIC IPC BX-32A
𝑥
< V29.01.09
ADP
SiemensSIMATIC IPC BX-39A
𝑥
< V29.01.09
ADP
SiemensSIMATIC IPC BX-56A
𝑥
< V32.01.09
ADP
SiemensSIMATIC IPC BX-59A
𝑥
< V32.01.09
ADP
SiemensSIMATIC IPC MD-57A
𝑥
< V30.01.10
ADP
SiemensSIMATIC IPC PX-32A
𝑥
< V29.01.09
ADP
SiemensSIMATIC IPC PX-39A
𝑥
< V29.01.09
ADP
SiemensSIMATIC IPC PX-39A PRO
𝑥
< V29.01.09
ADP
SiemensSIMATIC IPC RW-528A
𝑥
< V34.01.02
ADP
SiemensSIMATIC IPC RW-548A
𝑥
< V34.01.02
ADP
SiemensSIMATIC IPC227E
𝑥
< *
ADP
SiemensSIMATIC IPC277E
𝑥
< *
ADP
SiemensSIMATIC IPC427E
𝑥
< V21.01.20
ADP
SiemensSIMATIC IPC477E
𝑥
< V21.01.20
ADP
SiemensSIMATIC IPC477E PRO
𝑥
< V21.01.20
ADP
SiemensSIMATIC IPC627E
𝑥
< *
ADP
SiemensSIMATIC IPC647E
𝑥
< *
ADP
SiemensSIMATIC IPC677E
𝑥
< *
ADP
SiemensSIMATIC IPC847E
𝑥
< *
ADP
SiemensSIMATIC ITP1000
𝑥
< *
ADP
SiemensSIPLUS IPC427E
𝑥
< V21.01.20
ADP
Windows Releases
Platform
Version
Windows 11
22H2 (x64)
KB5066793
23H2 (x64)
KB5066793
24H2 (x64)
KB5066835
25H2 (x64)
KB5066835
26H1 (x64)
KB5077179
Windows Server 2022
23H2 Server Core
KB5066780
Windows Server 2025
Server Core
KB5066835
Standard
KB5066835
Common Weakness Enumeration
References
https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1
https://trustedcomputinggroup.org/about/security/
https://trustedcomputinggroup.org/wp-content/uploads/TPM2.0-Library-Spec-v1.83-Errata_v1_pub.pdf
https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf
https://www.cve.org/CVERecord?id=CVE-2025-49133
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01209.html
https://www.kb.cert.org/vuls/id/282450
https://cert-portal.siemens.com/productcert/html/ssa-628843.html